Analysis
-
max time kernel
109s -
max time network
36s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
22/03/2023, 00:52
General
-
Target
P4rr0tCr4sh3r_V1.exe
-
Size
139KB
-
MD5
b0e20c5a66c9ea6a84af3297c43e0ab6
-
SHA1
2aef2f78d20bb83f623f9af561db6b764a3ccaf2
-
SHA256
398984b3f83181088396b031a5c80dcc486ad12c278a3b846a424654798fa3ad
-
SHA512
fc68923e099d5ab15ecf0531b110d905a71ab60e11c6df0d02e23e7d7054177680f00a39ee7b223377855005b6a917cc3cc40877b3c453d4140c63ec7bf2e45c
-
SSDEEP
1536:agyJWH4azSaXtJ+WVkADPQHQBK8JEOROwHX9rdvrqLy:agWWB+gkArQHO1OcrxUy
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\P4rr0tCr4sh3r_V1.exe"C:\Users\Admin\AppData\Local\Temp\P4rr0tCr4sh3r_V1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\639.tmp\P4rr0tCr4sh3r.bat" "C:\Users\Admin\AppData\Local\Temp\P4rr0tCr4sh3r_V1.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\shutdown.exeshutdown.exe -s -t 60 -c "You have been crashed by P4rr0tCr4sh3r, say goodbye to your pc in the next 1 min :D"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
C:\Program Files\Windows NT\Accessories\wordpad.exe"C:\Program Files\Windows NT\Accessories\wordpad.exe"4⤵
-
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
C:\Windows\system32\calc.execalc3⤵
-
-
C:\Windows\system32\control.execontrol3⤵
-
-
C:\Windows\system32\write.exewrite3⤵
-
-
C:\Windows\explorer.exeexplorer3⤵
-
-
C:\Windows\system32\cmd.execmd3⤵
-
-
C:\Windows\system32\mspaint.exemspaint3⤵
-
-
C:\Windows\system32\notepad.exenotepad3⤵
-
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-19410130021126391827-829428536-2132285121966265172793178202-1488183918759118528"1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
253B
MD5690b14eb0768a65feb6b5b20a73fa0ba
SHA18a0f9bde36eb729a701041a84d3cacdc36b10185
SHA256613219bfb9e8d14af0ff1a036000037370505d2d1c0a567e4119b04de96be15f
SHA512e998df8ea65aa6c05fd96584c8d4d1e26e7805b9833c38ed7bc1c15ef1f08e9239489aee5ac23ea24f75dd688ab5ab0600e2420fc4a9aec0e36590cc59ce8270
-
Filesize
253B
MD5690b14eb0768a65feb6b5b20a73fa0ba
SHA18a0f9bde36eb729a701041a84d3cacdc36b10185
SHA256613219bfb9e8d14af0ff1a036000037370505d2d1c0a567e4119b04de96be15f
SHA512e998df8ea65aa6c05fd96584c8d4d1e26e7805b9833c38ed7bc1c15ef1f08e9239489aee5ac23ea24f75dd688ab5ab0600e2420fc4a9aec0e36590cc59ce8270
-
Filesize
56KB
MD5bd72dcf1083b6e22ccbfa0e8e27fb1e0
SHA13fd23d4f14da768da7b8364d74c54932d704e74e
SHA25690f44f69950a796ab46ff09181585ac9dabf21271f16ebb9ea385c957e5955c1
SHA51272360ab4078ad5e0152324f9a856b3396e2d0247f7f95ac8a5a53a25126ac3cff567cc523849e28d92a99730ee8ffb30366f09c428258f93a5cca6d0c5905562
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB